Cyberattack on the Department of Health and Human Services

Cybercriminals are targeting the U.S. Department of Health and Human Services (HHS) in an attempt to overload its website with hundreds of thousands of hits. As per the statement of HHS spokesperson, Caitlin B. Oakley, the HHS discovered more activity on the HHS cyberinfrastructure, which seems to be a Distributed Denial of Service (DDoS) attack attempt.

The people behind the attack did not succeed due to extra protections set up to abate DDoS attacks, which was part of the preparation of HHS and reaction to the COVID-19 pandemic. HHS has got an IT infrastructure having risk-based security controls. It has continuous tracking to identify and street deal with cybersecurity risks and vulnerabilities.

There was no data breach encountered and the function of HHS and federal networks are still normal. Federal cybersecurity experts are continually monitoring HHS computer networks and are ready to undertake suitable measures to safeguard those networks and minimize attacks if they happen. The federal government is looking into the attack to find out who was behind it.

HHS Secretary, Alex Azar said that the HHS has set up very strong barriers so their networks were not penetrated or had degraded functions. There is no restriction on the capability or potential of the people to telework.

The White House National Security Council (NSC) tweeted recently that the information campaign suggesting that President Trump is going to order a national quarantine that will put the country on lockdown, just like in Italy and Spain is fake. It is uncertain if the text message campaign is related to the attempted DDoS attack.

There are furthermore a number of phishing campaigns that use fear of the SARS-CoV-2 and COVID-19 to propagate malware and steal sensitive data. The malicious email campaigns will most likely increase with the developing pandemic. If you get an email message associated with SARS-Cov-2 and COVID-19, confirm if the message is genuine prior to taking action.

For updated details and facts on SARS-Cov-2 and COVID-19, go to the Centers for Disease Control and Prevention (CDC) website.

Ransomware Attack on Illinois Public Health Network

Last week, there was a cyberattack on the Champaign-Urbana Public Health District in Illinois, which allowed cybercriminals to deploy the Netwalker (MailTo) ransomware. The attack deactivated the public health district’s site on March 10, 2020. After a couple of hours, the investigators of the incident confirmed the ransomware attack.

Even during the website outage, employees were able to access critical systems. There was no compromise of electronic medical records or other sensitive information. Six months ago, the medical records were moved to the cloud. The Champaign-Urbana Public Health District was retrieved.